Thanks in advance!
When I try to disable Event Handlers, accessing by "Tactical Overview" -> "Event Handlers" -> Event Handlers check icon -> Commit Button. An error occurs with th text:
Sorry, but you are not authorized to commit the specified command.
Read the section of the documentation that deals with authentication and authorization in the CGIs for more information.
Return from whence you came
This is my current config:
ls -ltra / opt / nagios / var / rw
srw-rw ---- 1 nagios nagcmd 0 Jan 11 18:12 nagios.qh
drwxrwsrwx 2 nagios nagcmd 4096 Jan 11 18:12.
prw-rw ---- 1 nagios nagcmd 0 Jan 15 08:45 nagios.cmd
drwxrwxrwx 5 nagios nagios 4096 Jan 15 09:49 ..
/ etc / group
nagios: x: 503: apache
nagcmd: x: 504: nagios, apache
I have Access to Nagios Web Admin by LDAP Authentification. In my /opt/apache/conf/extra/httpd-nagios.conf have:
ScriptAlias / nagios / cgi-bin / opt / nagios / sbin
<Directory "/ opt / nagios / sbin">
Options ExecCGI
AllowOverride None
Order allow, deny
Allow from all
AuthBasicProvider ldap
AuthType Basic
AuthName "Restricted access"
AuthLDAPBindDN "CN = X, OU = X, OU = X, OU = X, DC = X, DC = X"
AuthLDAPBindPassword XXXX
AuthLDAPURL "ldap: // XXXXX"
AuthLDAPGroupAttributeIsDN on
require ldap-group CN = X, OU = X, OU = X, OU = \ <X \>, DC = X, DC = X
AuthzLDAPAuthoritative on
</ Directory>
Alias / nagios / opt / nagios / share
<Directory "/ opt / nagios / share">
Options None
AllowOverride None
Order allow, deny
Allow from all
AuthBasicProvider ldap
AuthType Basic
AuthName "Restricted access"
AuthLDAPBindDN "CN = X, OU = X, OU = X, OU = X, DC = X, DC = X"
AuthLDAPBindPassword XXXX
AuthLDAPURL "ldap: // XXXXX"
AuthLDAPGroupAttributeIsDN on
require ldap-group CN = X, OU = X, OU = X, OU = \ <X \>, DC = X, DC = X
AuthzLDAPAuthoritative on
</ Directory>
Where is my problem? I can't find the root of the problem ..
Could you help me?
thank you so much!
Authentication Problem disabling Event Handlers
Authentication Problem disabling Event Handlers
Last edited by iam33 on Wed Jan 17, 2018 2:49 am, edited 1 time in total.
Re: Authentication Problem disabling Event Handlers
I have found the problema is in cgi.cfg, in this file it´s necesary put all user that need cgi admin priviledges in there. But my problema comes with my LDAP configuration, how could I put the ldap group in this config like in httpd?
Re: Authentication Problem disabling Event Handlers
You cannot use a LDAP group in the cgi.cfg file so you would have to add each username to those options so the users will get the authorizations they need or you can put an "*" asterisk for the username so when any user logs in to the server, they will get the permissions granted to them.
In this examples ldapuser1 and ldapuser2 are the only two users with administrator right, all other user can login Nagios as normal user.
In this examples ldapuser1 and ldapuser2 are the only two users with administrator right, all other user can login Nagios as normal user.
Code: Select all
authorized_for_configuration_information=ldapuser1,ldapuser2
authorized_for_system_commands=ldapuser1,ldapuser2
authorized_for_all_services=*
authorized_for_all_hosts=*
authorized_for_all_services=*
authorized_for_all_hosts=*
authorized_for_all_service_commands=*
authorized_for_all_host_commands=*
Be sure to check out our Knowledgebase for helpful articles and solutions!
Re: Authentication Problem disabling Event Handlers
Hi, thanks!
I suppoused that about the ldap groups....it would be so good thar it would facility the manage task....
NOTE: For Enable /Disable event handlers, notifications or active/pasive checks from cgis, it´s only necesary include de users in this parameters of cgi.cfg:
authorized_for_system_commands
authorized_for_all_service_commands
authorized_for_all_host_commands
I suppoused that about the ldap groups....it would be so good thar it would facility the manage task....
NOTE: For Enable /Disable event handlers, notifications or active/pasive checks from cgis, it´s only necesary include de users in this parameters of cgi.cfg:
authorized_for_system_commands
authorized_for_all_service_commands
authorized_for_all_host_commands
Re: Authentication Problem disabling Event Handlers
Your welcome, let us know if you have any further questions of that is it OK to lock the post.
Be sure to check out our Knowledgebase for helpful articles and solutions!